2017 saw a rise in the frequency and severity of data breaches and cyberattacks, planting the seeds of change in terms of defensive approach and tactics.
The WannaCry ransomware attack affected thousands of organizations, including hospitals and healthcare services in both the U.S. and the U.K. Not long after, the Petya ransomware attack spread through the U.S. and Europe, and many large, multinational corporations were impacted.
According to advisory firm Gartner, global spending on cyber security in 2017 approached $100 billion. Yet, a shortage of cyber security workers remained, a trend that looks to continue for the near future.
So what should we expect, and prepare for, during the rest of 2018? BAE Systems has identified its top eight predictions:
1. The GDPR reality will hit
After six years of preparation, hype and debate, the EU General Data Protection Regulation (GDPR) will be enforced beginning May 25, 2018.
Many firms processing EU citizens’ data from outside of the EU may not have understood that they, too, will be affected by the regulations. Recent analysis suggests that few firms are ready for the new regulations, raising the likelihood of breaches and potential fines.
2. Malware authors will get smarter
In recent years, a big trend in the anti-malware market has been the use of machine learning algorithms in detection engines that rely on features extracted from known bad samples.
The features extracted from these samples include metadata values, exported function names, and suspicious actions.
Malware authors will get better at building techniques to outsmart them as “NextGen AV” solutions become more commonplace.
In recent months we have seen malware filled with legitimate code and functionality which appears to have no purpose but to outsmart machine learning algorithms.
3. Extortion through ransomware hack-and-leak
There has been a rise in ransomware in recent years, partly enabled by online criminal malware marketplaces and partly due to the popularity of Bitcoin and other cryptocurrencies.
Businesses are a natural target for such attacks, as seen with WannaCry and Petya last year.
Ransomware can be spread across a large number of networked devices for maximum impact. Businesses rarely pay a ransom of this nature, as they typically have backups they can revert to when needed.
A more dangerous approach we believe criminals will begin to implement is stealing information and extorting victims by threatening to leak it if the ransom isn't paid. These leaks could be highly damaging, incurring substantial fines, loss of customers, embarrassment to executives, and more.
4. Market manipulation via hack or Twitter bot
There haven’t been many cases of criminals looking for ways to target and exploit the stock market system online. However, the market remains an attractive target, as playing the market is “out-of-band” from the hack itself.
We predict we’ll see a repurposing of “fake-news” Twitter bots to push market-relevant information, which could be used in “pump-and-dump” style attacks, or could be targeted at algorithmic trading “bots.”
5. The ‘battle of the bots’ will emerge
It’s inevitable that attackers will begin to incorporate machine learning and artificial intelligence (AI) at the same rate as network defense tools. We may already be at this point, with online Twitter bots able to react to emerging events and craft messages to respond.
This could be the year we see the first battle of the AI bots. As cyber-criminals build systems that can “learn” and adapt to defenses, detection engines will also evolve using AI.
6. Supply chain woes
2017 was a huge year for supply chain attacks. We predict this will continue as criminals find this type of attack increasingly viable.
The biggest chunk of this may be software supply chain compromise rather than third-party or hardware compromise.
7. Sociotechnical approaches to risk
Securing information has become less about having firewalls and policies, and more about complex interactions between people and machines.
Practitioners have also realized there is need to consider systems as a whole, rather than as discrete components, and have now begun to consider new approaches.
A possible new approach is safety engineering, which other domains have already adopted.
We may see greater emphasis on evolving security beyond traditional approaches, incorporating sociotechnical analysis.
8. IDN Homograph Domain Spoofing
The internationalized domain name (IDN) homograph technique uses characters from non-Latin alphabets that look similar to the letters of the targeted Latin-alphabet domain.
For DNS purposes, web browsers convert the non-Latin characters into an ASCII-compatible encoding known as “punycode.”
As an example, the punycode label “xn--oogle-qmc” decodes to “ɡoogle,” where the first “g” is U+0261 (LATIN SMALL LETTER SCRIPT G) rather than the ASCII letter. Note the two different types of “g.”
Recently we have observed this technique being employed on a larger scale. Although it has existed as a proof of concept and been used sparingly for a number of years, the technique gives attackers a vast number of subtle letter swaps to choose from.
We predict this technique will increase this year if web browsers continue converting the punycode domain into the unicode domain, thus appearing to be the legitimate domain to the end user.
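As an added illustration (not BAE Systems' code) of how a defender can surface look-alike domains of this kind, the following Python script decodes punycode labels with Python's built-in codec, records which scripts each hostname mixes, and folds a small confusable-character table onto ASCII so that a decoded name can be compared against a watch list of protected domains. The watch list, the CONFUSABLES table and the Cyrillic sample hostname are constructed for the example; the label xn--oogle-qmc is the one from the article. The script-g example shows why a mixed-script check alone is not enough: “ɡoogle” is entirely Latin script yet still impersonates google.com, and only the skeleton comparison catches it.

```python
import unicodedata

# Constructed watch list of domains to protect (not from the article).
WATCH_LIST = {"google.com", "apple.com", "example.com"}

# Constructed subset of visually confusable code points and the ASCII letter
# each imitates. A real deployment would load Unicode's confusables.txt.
CONFUSABLES = {
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G (the one in xn--oogle-qmc)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label, as a browser would display it."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # undecodable label: keep the raw A-label
    return label


def to_punycode_label(label: str) -> str:
    """Inverse of decode_label: produce the A-label ('xn--...') for a Unicode label."""
    if all(ord(c) < 128 for c in label):
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def script_of(ch: str) -> str:
    """Coarse script name taken from the first word of the Unicode character name."""
    name = unicodedata.name(ch, "")
    if not name or not ch.isalpha():
        return "COMMON"
    return name.split()[0]  # e.g. LATIN, CYRILLIC, GREEK


def skeleton(text: str) -> str:
    """Fold confusables and strip accents so look-alike names collapse onto ASCII."""
    out = []
    for ch in text:
        ch = CONFUSABLES.get(ch, ch)
        # NFKD splits accented letters into base letter + combining marks;
        # dropping the marks maps e.g. 'é' to 'e'.
        base = "".join(c for c in unicodedata.normalize("NFKD", ch)
                       if not unicodedata.combining(c))
        out.append(base)
    return "".join(out).lower()


def analyze_hostname(host: str) -> dict:
    """Decode, classify scripts, and compare the folded name against the watch list."""
    labels = host.rstrip(".").split(".")
    unicode_host = ".".join(decode_label(label) for label in labels)
    scripts = {script_of(c) for c in unicode_host if c.isalpha()}
    mixed = len(scripts) > 1
    non_ascii = any(ord(c) > 127 for c in unicode_host)
    skel = skeleton(unicode_host)
    # A name "impersonates" a watch-list entry if it folds onto it but is not it.
    impersonates = skel if skel in WATCH_LIST and skel != host.lower() else None
    return {
        "input": host,
        "unicode": unicode_host,
        "scripts": sorted(scripts),
        "mixed_scripts": mixed,
        "skeleton": skel,
        "impersonates": impersonates,
        "suspicious": impersonates is not None or (mixed and non_ascii),
    }


if __name__ == "__main__":
    # The article's label plus a constructed Cyrillic look-alike of apple.com.
    for sample in ("xn--oogle-qmc.com", "\u0430\u0440\u0440le.com", "google.com"):
        print(analyze_hostname(sample))
```

Feeding proxy or DNS logs through analyze_hostname is a cheap way to flag candidate homograph domains for review; the skeleton comparison should be read as a triage signal, since legitimate IDNs in a single non-Latin script will also fold onto ASCII and need an allow list.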
While it’s difficult to predict what the future holds, it’s important to remain vigilant and aware to proactively defend against cybercrime.
For more detailed information on the latest threat actors and attacks, please visit our Threat Research Blog.